The Lending Brief - October 7

Welcome to The Lending Brief,

This is your weekly update on what’s breaking (and fixing) modern lending.

Loan Fraud 2.0 - When Fraud and Lending Collide

👻 The Scary Part
Loan fraud has gone mainstream. The small-business lending market is racing toward $7.2 trillion by 2032, and criminals are keeping pace. Fraud against small businesses is up 70 percent since before the pandemic, and almost half of all loan applications show signs of manipulation.

The scale is staggering:

  • Fake documents up 311 percent

  • Deep-fake IDs up 1,100 percent

  • One major lender lost $200 million in a single case

Fraud rings now mix stolen and fake identities, AI-made pay stubs, and "money-mule" accounts to move cash through Zelle®, RTP®, and FedNow® in minutes. Voice cloning takes just one hour of video and a cheap subscription.

🔍 Want to see how scammers clone voices?
A Regions Bank fraud officer shows how scammers lift just an hour of audio from social media or voicemails to clone voices that fool even trained professionals.

One recent scam even used the death of Pope Francis to push fake "business support loans." The hook wasn't tech - it was emotion: urgency, trust, and authority.

And they're everywhere. Ninety-seven percent of mid-size firms were hit by social-engineering attacks last year, with fraudsters exploiting trust at every level.

💡 Why does it matter? 

  • Gaps between teams create openings. When lending, fraud, and compliance operate in silos, synthetic identities pass credit checks while sitting on internal watchlists. Mule accounts flagged by monitoring systems still get approved as “clean” loan disbursements — simply because teams never talk.

  • Next-gen owners expect instant approval. Fraudsters know it. Millennials and Gen Z business owners expect loans approved in hours, not weeks. When lenders rush to compete, verification steps get skipped or shortened - exactly when synthetic identities with AI-generated documents sail through.

  • SMB fraud exploits identity gaps. Small businesses require both personal (KYC) and business (KYB) verification, but most systems check them separately. Fraudsters pair real companies with fake owners - or real owners with shell companies—and each piece looks legitimate in isolation.

  • Breaches now happen silently. Ransomware announces itself. Modern fraud doesn't. Attackers quietly steal loan application data, customer lists, and internal credentials over weeks or months. By the time you discover it, they've already submitted dozens of applications using your own customers' information.

⚡ Action Steps: 

  • Connect lending and fraud data early. Share borrower behavior, device use, and red-flag alerts before funding.

  • Keep watching after approval. Sudden device switches or payment-pattern changes signal bust-out schemes — someone planning to drain funds and disappear.

  • Verify the owner-business relationship. Don't just check each piece separately. Confirm the person applying has legitimate ties to the company — matching addresses, verified roles, and aligned financial histories.

  • Test your team's response quarterly. Run a quick drill: "Suspicious application → device mismatch → who catches it and how fast?" Map where information flows break down.

  • Integrate KYC and KYB verification. Small businesses require both personal identity checks and business entity validation. Make sure your process connects the two — fraudsters exploit the gap between them.

  • Teach your team to pause. If a request feels rushed or emotional, double-check before sending money. Trust the instinct that "something's off."

 ZorroFi Insight

The biggest weakness isn't technology - it's timing. Most systems flag fraud after the funds are gone. The answer is fraud detection at intake - catching behavioral signals and document anomalies while they're still visible, not after disbursement.

Lenders that link their teams, confirm real relationships, and vet every partner touching the loan flow will stay ahead. The question isn't whether you can catch fraud - it's whether you catch it soon enough.

📚 Catch Up on the Fraud Series

Missed an earlier issue? Here’s your quick guide to the stories shaping 2025’s lending risk landscape:

💡 Each issue dives into a new dimension of modern fraud, connecting the dots between technology, behavior, and risk. Together, they offer a roadmap for lenders navigating today’s evolving threat landscape.

📺 Bonus resource

Want to understand the broader AI fraud landscape? This (fun) 21-minute TED talk breaks down how criminals use AI and deepfakes across industries.

💡 Want to dive deeper?

I work with community banks and credit unions on modernizing lending and member experience. If you'd like to see how this applies in practice, reach out for a short demo.

Want the full breakdown? Check out my LinkedIn newsletter Lending Insights, where I dive deeper into these trends every Thursday.

🙌 Help Us Grow

Know someone in lending who’d benefit from these insights? Forward this email — and hit reply if there’s a topic you’d like us to explore next.

📅 Next newsletter drops Tuesday, 10/14.

Warmly,

Sandra Wasicek
Founder & CEO ZorroFi